I'm using Spring Boot 3.2.0. I'm trying to set up JWT authentication with Spring Security. For this I defined a JWT authentication filter. The problem is that there is one route, `/auths/public/**`, on which I want to permit all requests. In the security configuration I did the following:
@Configuration
@EnableWebSecurity
@RequiredArgsConstructor
public class SecurityConfiguration {
    private final JwtAuthenticationFilter jwtAuthenticationFilter;
    private final AuthenticationProvider authenticationProvider;

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.cors(AbstractHttpConfigurer::disable)
            .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry
                .requestMatchers("/auths/inner/**").hasRole(Role.INNER_SERVICE.name()) // Selectively permitted for users with role INNER_SERVICE with authentication
                .requestMatchers("/auths/authenticated/**").hasRole(Role.USER.name()) // Selectively permitted for users with role USER with authentication
                .requestMatchers("/auths/public/**").permitAll() // All requests are permitted
                .requestMatchers("/actuator/**").permitAll() // All requests are permitted
                .anyRequest().permitAll() // All other routes are permitted (!! security alert)
            )
            .sessionManagement(management -> management.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authenticationProvider(authenticationProvider)
            .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
This is the custom JWT filter:
@Component
@RequiredArgsConstructor
public class JwtAuthenticationFilter extends OncePerRequestFilter {
    private final JwtService jwtService;
    private final UserDetailsService userDetailsService;

    @Override
    protected void doFilterInternal(@NonNull HttpServletRequest request, @NonNull HttpServletResponse response,
                                    @NonNull FilterChain filterChain) throws ServletException, IOException {
        final String authHeader = request.getHeader("Authorization");
        final String jwt;
        final String userEmail;
        // for public urls
        if (authHeader == null || !authHeader.startsWith("Bearer ")) {
            filterChain.doFilter(request, response);
            return;
        }
        // To cut out the "Bearer " part
        jwt = authHeader.substring(7);
        userEmail = jwtService.extractUsername(jwt, true);
        if (userEmail != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            // user present but not authenticated yet
            UserDetails userDetails = this.userDetailsService.loadUserByUsername(userEmail);
            if (jwtService.isTokenValid(jwt, userDetails, true)) {
                UsernamePasswordAuthenticationToken authToken = new UsernamePasswordAuthenticationToken(userDetails,
                        null, userDetails.getAuthorities());
                authToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                SecurityContextHolder.getContext().setAuthentication(authToken);
            }
        }
        filterChain.doFilter(request, response);
    }
}
The main part here is:
http.cors(AbstractHttpConfigurer::disable)
    .authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> authorizationManagerRequestMatcherRegistry
        .requestMatchers("/auths/inner/**").hasRole(Role.INNER_SERVICE.name()) // Selectively permitted for users with role INNER_SERVICE with authentication
        .requestMatchers("/auths/authenticated/**").hasRole(Role.USER.name()) // Selectively permitted for users with role USER with authentication
        .requestMatchers("/auths/public/**").permitAll() // All requests are permitted
        .requestMatchers("/actuator/**").permitAll() // All requests are permitted
        .anyRequest().permitAll() // All other routes are permitted (!! security alert)
    )
    .sessionManagement(management -> management.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
    .authenticationProvider(authenticationProvider)
    .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
return http.build();
Here you can see that I have permitted all routes under `/auths/public`, but when I request:
POST http://localhost:5000/auths/public/send?message=Hello_Kafka
I get:
{
"timestamp": "2024-01-15T18:42:16.607+00:00",
"status": 403,
"error": "Forbidden",
"message": "Forbidden",
"path": "/auths/public/send"
}
These are the logs for my request:
2024-01-16T00:12:16.495+05:30 WARN [auth,0ac98fa25129402e7442fba23c5552be,d9814d3abe2031bb] 47661 --- [auth] [http-nio-auto-1-exec-1] [0ac98fa25129402e7442fba23c5552be-d9814d3abe2031bb] o.s.w.s.h.HandlerMappingIntrospector : Cache miss for ERROR dispatch to /error (previous null). Performing MatchableHandlerMapping lookup. This is logged once only at WARN level, and every time at TRACE.
2024-01-16T00:12:16.550+05:30 DEBUG [auth,0ac98fa25129402e7442fba23c5552be,afab4ea55ae080f6] 47661 --- [auth] [http-nio-auto-1-exec-1] [0ac98fa25129402e7442fba23c5552be-afab4ea55ae080f6] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for POST "/error?message=Hello_Kafka", parameters={masked}
2024-01-16T00:12:16.558+05:30 DEBUG [auth,0ac98fa25129402e7442fba23c5552be,afab4ea55ae080f6] 47661 --- [auth] [http-nio-auto-1-exec-1] [0ac98fa25129402e7442fba23c5552be-afab4ea55ae080f6] s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped to org.springframework.boot.autoconfigure.web.servlet.error.BasicErrorController#error(HttpServletRequest)
2024-01-16T00:12:16.619+05:30 DEBUG [auth,0ac98fa25129402e7442fba23c5552be,afab4ea55ae080f6] 47661 --- [auth] [http-nio-auto-1-exec-1] [0ac98fa25129402e7442fba23c5552be-afab4ea55ae080f6] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Using application/json , given [*/*] and supported [application/json, application/*+json]
2024-01-16T00:12:16.629+05:30 DEBUG [auth,0ac98fa25129402e7442fba23c5552be,afab4ea55ae080f6] 47661 --- [auth] [http-nio-auto-1-exec-1] [0ac98fa25129402e7442fba23c5552be-afab4ea55ae080f6] o.s.w.s.m.m.a.HttpEntityMethodProcessor : Writing [{timestamp=Tue Jan 16 00:12:16 IST 2024, status=403, error=Forbidden, message=Forbidden, path=/auths (truncated)...]
2024-01-16T00:12:16.659+05:30 DEBUG [auth,0ac98fa25129402e7442fba23c5552be,afab4ea55ae080f6] 47661 --- [auth] [http-nio-auto-1-exec-1] [0ac98fa25129402e7442fba23c5552be-afab4ea55ae080f6] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 403
From the logs I can see that, for some reason, the request ends up in an error dispatch, and I can't understand why.
Full code base: Hangout-Auth-service, see updated-workflow.
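For comparison, here is an added example (editor's code, not the poster's or the Hangout-Auth-service code) of the same filter chain written for a stateless token API. Spring Security enables CSRF protection by default, and its CsrfFilter runs before the authorization rules and answers a POST that carries no CSRF token with 403 regardless of `permitAll()`, so the example disables it (safe only because no session cookie is ever issued), returns 401 rather than 403 for missing credentials so the two rejections are distinguishable in logs, and closes the `anyRequest().permitAll()` hole the poster's own comment flags. It assumes the poster's `JwtAuthenticationFilter` and `AuthenticationProvider` beans; the `Role` enum is not on the page, so role names are written as string literals.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class StatelessJwtSecurityConfiguration {

    // Assumed to be the poster's beans (not shown on the page beyond their use).
    private final JwtAuthenticationFilter jwtAuthenticationFilter;
    private final AuthenticationProvider authenticationProvider;

    public StatelessJwtSecurityConfiguration(JwtAuthenticationFilter jwtAuthenticationFilter,
                                             AuthenticationProvider authenticationProvider) {
        this.jwtAuthenticationFilter = jwtAuthenticationFilter;
        this.authenticationProvider = authenticationProvider;
    }

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // No session cookie is issued (STATELESS below), so cookie-based CSRF does not apply.
            // Left enabled, CsrfFilter runs before authorization and rejects every token-less
            // POST/PUT/DELETE with 403, even on a permitAll() path.
            .csrf(AbstractHttpConfigurer::disable)
            .sessionManagement(sm -> sm.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            // Unauthenticated requests to protected routes get 401, so a missing or invalid
            // bearer token is distinguishable from a CSRF or insufficient-role 403.
            .exceptionHandling(eh -> eh.authenticationEntryPoint(
                    new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)))
            .authorizeHttpRequests(auth -> auth
                    .requestMatchers("/auths/public/**").permitAll()
                    .requestMatchers("/actuator/health").permitAll()   // only the health probe, not all of actuator
                    .requestMatchers("/auths/inner/**").hasRole("INNER_SERVICE")
                    .requestMatchers("/auths/authenticated/**").hasRole("USER")
                    .anyRequest().authenticated())                     // deny by default
            .authenticationProvider(authenticationProvider)
            .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```

The poster's filter already passes requests without a `Bearer` header straight through, so it needs no change for the public route; with this chain a token-less POST to `/auths/public/send` reaches the controller instead of the error dispatch.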